Hi, 2012/2/13 Bhargava Shastry <bshas****@gmail*****>: > Hello, > > I haven't come across an API for policy line deletion for TOMOYO 1.8. Is > there any way to delete portions of domain policy other than doing it > manually using ccs-editpolicy? I am thinking of using sed on the > domain_policy.conf with the specific string to be deleted. Yes, there is. If you give lines like "delete file read ..." to ccs-loadpolicy -d, "file read ..." access permissions will be revoked. ccs-diffpolicy compares policy definitions and the results will be produced as policy editing sequences like the above. For more information, please take a look at the following. http://tomoyo.sourceforge.jp/1.8/chapter-6.html Best regards, Toshiharu Harada harad****@gmail*****
TOMOYO
Fork